For quite some time, I’ve been using a completely encrypted hard drive on my laptop, keeping it (to some degree) safe from prying eyes in case the laptop should get stolen. Having a regular, automated backup makes one worry less about one’s data in case the laptop really does get stolen. Now, the weak link in this setup is that the external hard drive (EHD) on which the backup is stored is not encrypted. Therefore, it’s been on my todo list for a long, long, long time to encrypt that one as well. Encryption itself is fairly easy to set up on a hard drive; the problem is that you don’t want to type in the password to unlock the hard drive whenever the server needs to be rebooted. The idea was to use a USB stick storing a keyfile that is used to automatically unlock the external backup disk. With that scenario you can just remove the USB stick when going on holiday, and the data on the hard disk stays encrypted unless somebody knows the password. I’ve been trying to set this system up, but somehow never really got it working until now. 🙂
This blog entry describes how to set up the encrypted hard drive and how to implement the automatic unlocking using the USB stick. This works for Ubuntu 9.04 – your mileage may vary with other versions.
Also note that the EHD in this document always got mounted as /dev/sdb1. Pay close attention to what it is on your system!
- The instructions for encrypting the EHD are mainly taken from the excellent Encrypted Filesystems On Removable Storage Ubuntu article.
- How to use a USB stick to unlock the EHD is based on the article HOWTO: Automatically Unlock LUKS Encrypted Drives With A Keyfile from the howtoforge website.